Loading...

XML

Word

Printable

Type: Feature Request
Resolution: Fixed
Priority: L3 - Default
Fix Version/s: 7.13.0, 7.13.0-alpha5
Affects Version/s: None
Component/s: engine
Labels:
None

Similar to ~~CAM-9395~~

Introduce new historic process resource with permission READ
The historic process instance authorizations are enforced for the following queries
- Historic Process Instance
- Historic Activity Instance
- Historic Task
- Historic Variable & Detail
- Identity Link Log
- Historic Incident
- Job Log
- External Task Log
- User Operation Log
History Cleanup
- When a user creates an authorization on the historic process instance resource and enters a resource id of an existing historic process instance, the root process instance id and if already present the removal time is set to the authorization
- The batch operation "Set Removal Time for Processes" takes historic process instance authorizations into account
- The cleanup execution takes historic process instance authorizations into account
- The legacy history cleanup mechanism (end time based) does not take historic process instance authorizations into account
When enableHistoricInstancePermissions is disabled, ...
- and a user proactively creates a historic process instance authorization, the root process instance id/removal time is added if available
- the extra SQL for queries is skipped
Historic process instance authorizations are removed when the historic process instance is removed via API
In Admin, I can grant the newly introduced authorizations
I can read docs

is related to

CAM-11954 In Webapps, historic instance permission check is missing

Closed

CAM-9395 Historic Task Autorizations

Closed

CAM-11741 Remove unnecessary left join in variable & detail query for historic instance permissions

Closed

1.	Introduce HISTORIC_PROCESS_INSTANCE resource with permission READ	Closed	Unassigned
2.	Historic permission can be enabled with config flag	Closed	Unassigned
3.	Authorization is enforced for process instance query	Closed	Unassigned
4.	Authorization is enforced for activity instance query	Closed	Unassigned
5.	Authorization is enforced for variable & detail query	Closed	Unassigned
6.	Authorization is enforced for task query	Closed	Unassigned
7.	Authorization is enforced for identity link log query	Closed	Unassigned
8.	For cleanup, set removal time when a user creates an authorization	Closed	Unassigned
9.	For cleanup, set removal time non-hierarchical via process batch operation	Closed	Unassigned
10.	On process instance deletion, historic authorization is removed	Closed	Unassigned
11.	I can read docs	Closed	Unassigned
12.	In Admin, I can grant authorization	Closed	Michael Schoettes
13.	Authorization is enforced for historic incident query	Closed	Unassigned
14.	Authorization is enforced for job log query	Closed	Unassigned
15.	Authorization is enforced for external task log query	Closed	Unassigned
16.	Authorization is enforced for user operation log query	Closed	Unassigned
17.	Correct Javadocs for historic activity instance query	Closed	Unassigned
18.	Revert perform auth checks for the historic process instance query when data is missing	Closed	Unassigned
19.	I can read docs about historic incident, job log, external task log & user operation log query	Closed	Unassigned
20.	Adjust query test cases to check additionally ids	Closed	Unassigned

Assignee:: Tassilo Weidner-Mühl
Reporter:: Thorben Lindhauer
Votes:: 0 Vote for this issue
Watchers:: 1 Start watching this issue

Created:: 13/Dec/19 10:25 AM
Updated:: 10/Jun/20 5:21 PM
Resolved:: 02/Jun/20 4:25 PM

Details

Description

Attachments

Issue Links

Sub-Tasks

Activity

People

Dates

Salesforce